Gmail has been committed to creating a secure-by-default experience that is based on solid defenses. It is a fundamental design principle. As a result, Gmail has a solid security foundation with built-in protections that help filter out malicious messages. These defenses are essential for keeping Gmail users safe. However, email is part of an interconnected, complex ecosystem that we continue to invest in and protect. Gmail first announced its Brand Indicators for Message ID (BIMI) pilot in 2013. Today, we announce that Gmail will be implementing general support for BIMI. This industry standard aims to increase the adoption of solid sender authentication across the entire email ecosystem. BIMI gives email recipients and email security systems greater confidence in email origin and allows senders to offer a more immersive experience.
“Bank of America has many security measures in place to help our customers. We constantly improve our program to provide best-in-class protection. Our partnership with Google on BIMI is a part of this effort. It allows us to verify that the correspondence is genuine.”
BIMI allows organizations to authenticate their email using Domain-based Message Authentication, Reporting, and Conformance (DMARC). This standard provides:
Strong sender authentication.
Better filtering by security systems.
Separation of legitimate from potentially spoofed messages.
It also allows them to validate their ownership of their logos and securely transmit them back to Google. In addition, BIMI is easy to use: DMARC-enabled organizations can display their logos on authenticated emails sent from their subdomains and domains.
Here is how it works: Organizations that authenticate their email using Sender Policy Framework (SPF) or DomainKeys Identified Mail (DKIM), and deploy DMARC, can submit their trademarked logos via a Verified Mark Certificate (VMC) to Google. BIMI uses Mark Verifying Authorities (such as Certification Authorities) to verify logo ownership and provide proof of that verification in a VMC. After these authenticated emails have passed our anti-abuse tests, Gmail will display the logo in the current avatar slot.
“Gmail's support for BIMI is a win both for email authentication and brand trust. BIMI allows organizations to offer their customers a more immersive experience and strengthens email sender authentication across all email ecosystems.” — Seth Blank (Chair of the AUTH Indicators Working Group).
This is only the beginning for BIMI. The standard plans to extend support across logo types and validators. For logo validation, BIMI supports the validation of trademarked logos, as they are a common target for impersonation. Entrust and DigiCert are now supporting BIMI as Certification Authorities. The BIMI working groups expect that this list will grow in the future. Visit the website of the working group to learn more about BIMI and get the most recent news.
For BIMI to be effective, make sure your organization has adopted DMARC and validated your logo with a VMC. Gmail users do not need to take any action. We are proud to have been a leader in establishing and supporting BIMI standards, and we will continue to support all efforts to improve security across the email ecosystem.